Technologies for securely exchanging sensor information include an in-vehicle computing system of a vehicle to establish a trusted execution environment and a secure communication channel between the trusted execution environment and a corresponding trusted execution environment of a coordination server. A private key is bound to the trusted execution environment of the in-vehicle computing system. The in-vehicle computing system confirms the authenticity of the coordination server, receives sensor data generated by a sensor of the vehicle, and generates an attestation quote based on the trusted execution environment of the in-vehicle computing system. The in-vehicle computing system further transmits, to the coordination server over the secure communication channel, the sensor data, the attestation quote, and a cryptographically-signed communication signed with the private key.
Legal claims defining the scope of protection, as filed with the USPTO.
1. An in-vehicle computing system of a vehicle for securely exchanging sensor information, the in-vehicle computing system comprising: a sensor to generate sensor data; a trusted execution environment module to establish a trusted execution environment on the in-vehicle computing system, wherein a private key is bound to the trusted execution environment of the in-vehicle computing system; and a communication module to establish a secure communication channel between the trusted execution environment of the in-vehicle computing system and a corresponding trusted execution environment of a coordination server via a network; wherein the trusted execution environment module is further configured to (i) confirm an authenticity of the coordination server, (ii) receive the sensor data from the sensor, (iii) generate, in response to the authentication of the coordination server, a vehicle attestation quote based on the trusted execution environment of the in-vehicle computing system, wherein the vehicle attestation quote indicates an integrity of the sensor data, (iv) transmit, to the coordination server over the secure communication channel via the network and by the communication module, the sensor data, the vehicle attestation quote for verification by the coordination server, and a cryptographically-signed communication signed with the private key, (v) receive, from the coordination server and in response to a verification of the vehicle attestation quote and the cryptographically-signed communication by the coordination server, sensor data generated by a remote vehicle, and (vi) perform, in response to authentication of the coordination server, a protection action against malicious actions based on the sensor data generated by the sensor of the vehicle and the sensor data generated by the remote vehicle; wherein to confirm the authenticity of the coordination server comprises to (vii) receive a server attestation quote from the coordination server based on the corresponding trusted execution environment of the coordination server, (viii) determine whether the server attestation quote is verified, and (ix) perform, in response to a determination that a verification of the server attestation quote was unsuccessful, an error-handling procedure.
2. The in-vehicle computing system of claim 1 , wherein to establish the trusted execution environment comprises to allocate a contiguous region of linear address space of a memory of the in-vehicle computing system for execution of a plurality of instructions that is protected from memory accesses originating from outside the contiguous region.
3. The in-vehicle computing system of claim 1 , wherein to establish the secure communication channel comprises to establish a Secure Sockets Layer channel between the trusted execution environment of the in-vehicle computing system and the corresponding trusted execution environment of the coordination server.
4. The in-vehicle computing system of claim 1 , wherein to verify the server attestation quote comprises to (i) transmit the server attestation quote to an attestation server and (ii) receive, from the attestation server in response to transmittal of the server attestation quote, an attestation result indicating whether the trusted execution environment of the coordination server is secure.
5. The in-vehicle computing system of claim 1 , wherein to confirm the authenticity of the coordination server comprises to verify an integrity of code executing in the corresponding trusted execution environment of the coordination server.
6. The in-vehicle computing system of claim 1 , further comprising a main processor and a security co-processor different from the main processor, wherein to establish the trusted execution environment comprises to establish a trusted execution environment on the security co-processor of the in-vehicle computing system; wherein to receive the sensor data comprises to receive, by the trusted execution environment of the in-vehicle computing system, the sensor data through a hardware-protected input-output path between the security co-processor and the sensor; and wherein the private key is bound to the security co-processor.
7. The in-vehicle computing system of claim 1 , wherein the private key is a private Enhanced Privacy Identification key corresponding with a public Enhanced Privacy Identification key accessible to the coordination server.
8. One or more non-transitory, machine-readable storage media comprising a plurality of instructions stored thereon that, in response to execution by an in-vehicle computing system, cause the in-vehicle computing system to: establish a trusted execution environment on the in-vehicle computing system; establish a secure communication channel between the trusted execution environment of the in-vehicle computing system and a corresponding trusted execution environment of a coordination server via a network; confirm, by the trusted execution environment of the in-vehicle computing system, an authenticity of the coordination server; receive, by the trusted execution environment of the in-vehicle computing system, sensor data generated by a sensor of the vehicle; generate, in response to an authentication of the coordination server and by the trusted execution environment of the in-vehicle computing system, a vehicle attestation quote based on the trusted execution environment of the in-vehicle computing system; transmit, over the secure communication channel via the network and in response to confirmation of the authenticity of the coordination server, (i) the sensor data, (ii) the vehicle attestation quote, and (iii) a cryptographically-signed communication signed with a private key bound to the trusted execution environment of the in-vehicle computing system to the coordination server; receive, from the coordination server and in response to a verification of the vehicle attestation quote and the cryptographically-signed communication by the coordination server, sensor data generated by a remote vehicle; and perform, in response to authentication of the coordination server, a protection action against malicious actions based on the sensor data generated by the sensor of the vehicle and the sensor data generated by the remote vehicle; wherein to confirm the authenticity of the coordination server comprises to (iv) receive a server attestation quote from the coordination server based on the corresponding trusted execution environment of the coordination server, (v) determine whether the server attestation quote is verified, and (vi) perform, in response to a determination that a verification of the server attestation quote was unsuccessful, an error-handling procedure.
9. The one or more non-transitory, machine-readable storage media of claim 8 , wherein to establish the trusted execution environment comprises to allocate a contiguous region of linear address space of a memory of the in-vehicle computing system for execution of a plurality of instructions that is protected from memory accesses originating from outside the contiguous region.
10. The one or more non-transitory, machine-readable storage media of claim 8 , wherein to verify the server attestation quote comprises to (i) transmit the server attestation quote to an attestation server and (ii) receive, from the attestation server in response to transmitting the server attestation quote, an attestation result indicating whether the trusted execution environment of the coordination server is secure.
11. The one or more non-transitory, machine-readable storage media of claim 8 , wherein to confirm the authenticity of the coordination server comprises to verify an integrity of code executing in the corresponding trusted execution environment of the coordination server.
12. The one or more non-transitory, machine-readable storage media of claim 8 , wherein to: establish the trusted execution environment comprises to establish a trusted execution environment on a security co-processor of the in-vehicle computing system; receive the sensor data comprises to receive, by the trusted execution environment of the in-vehicle computing system, the sensor data through a hardware-protected input-output path between the security co-processor and the sensor; and the private key is bound to the security co-processor.
13. The one or more non-transitory, machine-readable storage media of claim 8 , wherein the private key is a private Enhanced Privacy Identification key corresponding with a public Enhanced Privacy Identification key accessible to the coordination server.
14. A coordination server for coordinating the secure exchange of sensor information between vehicles, the coordination server comprising: a trusted execution environment module to (i) establish a trusted execution environment on the coordination server and (ii) generate a server attestation quote based on the trusted execution environment of the coordination server; a communication module to (i) establish a secure communication channel between the trusted execution environment of the coordination server and a corresponding trusted execution environment of an in-vehicle computing system of a vehicle via a network, (ii) transmit, over the secure communication channel via the network, the server attestation quote to the in-vehicle computing system, and (iii) receive, from the in-vehicle computing system over the secure communication channel and in response to a verification of the server attestation quote by the in-vehicle computing system, sensor data generated by a sensor of the vehicle, a vehicle attestation quote based on the corresponding trusted execution environment of the in-vehicle computing system, and a cryptographically-signed communication signed with a private key bound to the trusted execution environment of the in-vehicle computing system; wherein the trusted execution environment module is further configured to determine whether the vehicle attestation quote, the private key associated with the cryptographically-signed communication, and a revocation status of the private key are verified and perform, in response to a determination that a verification of at least one of the vehicle attestation quote, the private key, and the revocation status of the private key was unsuccessful, an error-handling procedure; and a sensor data processing module to process the sensor data in response to verification of the vehicle attestation quote and the private key and a determination that the private key has not been revoked.
15. The coordination server of claim 14 , wherein to process the sensor data comprises to transmit the sensor data to a second in-vehicle computing system of a remote vehicle.
16. The coordination server of claim 14 , wherein to verify the vehicle attestation quote comprises to: transmit the vehicle attestation quote to an attestation server; and receive, from the attestation server in response to transmittal of the vehicle attestation quote, an attestation result indicating whether the trusted execution environment of the in-vehicle computing system is secure.
17. The coordination server of claim 14 , wherein the private key is a private Enhanced Privacy Identification key corresponding with a public Enhanced Privacy Identification key accessible to the coordination server; and wherein to verify the private key comprises to apply the public Enhanced Privacy Identification key to the cryptographically-signed communication.
18. The coordination server of claim 14 , wherein to verify the revocation status of the private key comprises to compare the private key to a revocation list of a manufacturer server.
19. The coordination server of claim 14 , wherein to establish the trusted execution environment comprises to allocate a contiguous region of linear address space of a memory of the coordination server for execution of a plurality of instructions that is protected from memory accesses originating from outside the contiguous region.
20. A local computing device for securely exchanging sensor information, the local computing device comprising: a sensor to generate sensor data; a trusted execution environment module to establish a trusted execution environment on the local computing device, wherein a private key is bound to the trusted execution environment; and a communication module to establish a secure communication channel between the trusted execution environment of the local computing device and a corresponding trusted execution environment of a coordination server via a network; wherein the trusted execution environment module is further configured to (i) confirm an authenticity of the coordination server, (ii) receive the sensor data from the sensor, (iii) generate, in response to an authentication of the coordination server, an attestation quote based on the trusted execution environment of the local computing device, (iv) transmit, to the coordination server over the secure communication channel via the network and by the communication module, the sensor data, the attestation quote, and a cryptographically-signed communication signed with the private key, (v) receive, from the coordination server and in response to a verification of the attestation quote and the cryptographically-signed communication by the coordination server, sensor data generated by a remote vehicle, and (vi) perform, in response to authentication of the coordination server, a protection action against malicious actions based on the sensor data generated by the sensor of the local computing device and the sensor data generated by the remote vehicle; wherein to confirm the authenticity of the coordination server comprises to (vii) receive a server attestation quote from the coordination server based on the corresponding trusted execution environment of the coordination server, (viii) determine whether the server attestation quote is verified, and (ix) perform, in response to a determination that a verification of the server attestation quote was unsuccessful, an error-handling procedure.
21. The local computing device of claim 20 , wherein to establish the trusted execution environment comprises to allocate a contiguous region of linear address space of a memory of the local computing device for execution of a plurality of instructions that is protected from memory accesses originating from outside the contiguous region.
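The exchange described in the abstract and in claims 1 and 14, as an added example; this is not code from the patent or from its assignee. It uses stand-ins, all of which are assumptions: an HMAC under an attestation-service key in place of a hardware TEE quote, an HMAC key in place of the EPID private key (an EPID signature is a group signature and cannot be forged by the verifier, which this stand-in cannot show), an in-process registry for the public key "accessible to the coordination server" of claim 7, and an in-memory set for the manufacturer's revocation list of claim 18. The secure channel of claim 3 is assumed already established and is not modelled. The class names, measurement strings and sensor readings are constructed. What the code does show is the ordering the claims require: the vehicle TEE verifies the server's quote before releasing anything, the quote binds a hash of the sensor payload so the server can detect tampering between TEE and server, and the server takes the error path if any one of quote, signature or revocation status fails.

```python
import hashlib
import hmac
import json
import secrets

# Constructed trust anchors (assumptions). In a real deployment the attestation key
# is held by the attestation server and quotes/signatures come from the TEE hardware.
ATTESTATION_SERVICE_KEY = secrets.token_bytes(32)
GOOD_MEASUREMENTS = {"vehicle-enclave-v1", "coordination-enclave-v1"}  # known-good TEE code
KEY_REGISTRY = {}        # key id -> verifier the coordination server can use (claim 7)
REVOCATION_LIST = set()  # key ids revoked via the manufacturer server (claim 18)


def make_quote(measurement, report_data):
    """Stand-in for a TEE attestation quote: authenticates the TEE's code identity
    and binds 32 bytes of report data (here, a hash of the sensor payload)."""
    mac = hmac.new(ATTESTATION_SERVICE_KEY, measurement.encode() + report_data,
                   hashlib.sha256).hexdigest()
    return {"measurement": measurement, "report_data": report_data.hex(), "mac": mac}


def attestation_service_verify(quote):
    """Models the attestation server of claims 4 and 16: is the quote genuine, and
    was it produced by TEE code whose measurement is on the known-good list?"""
    expected = hmac.new(ATTESTATION_SERVICE_KEY,
                        quote["measurement"].encode() + bytes.fromhex(quote["report_data"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, quote["mac"]) and quote["measurement"] in GOOD_MEASUREMENTS


class TEEBoundKey:
    """Stand-in for the EPID private key bound to a TEE (HMAC instead of a group signature)."""
    def __init__(self, key_id):
        self.key_id = key_id
        self._secret = secrets.token_bytes(32)
        KEY_REGISTRY[key_id] = self  # models the public key the server can reach

    def sign(self, msg):
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def verify(self, msg, signature):
        return hmac.compare_digest(self.sign(msg), signature)


class CoordinationServer:
    """Server side of claim 14: verify quote, signature and revocation status, then
    process (relay) the sensor data; any single failed check takes the error path."""
    def __init__(self, measurement="coordination-enclave-v1"):
        self.measurement = measurement
        self.reports = {}  # vehicle id -> last accepted sensor reading

    def server_quote(self):
        return make_quote(self.measurement, b"\x00" * 32)

    def submit(self, vehicle_id, payload, quote, key_id, signature):
        if not attestation_service_verify(quote):
            return {"error": "vehicle attestation quote rejected"}
        if quote["report_data"] != hashlib.sha256(payload).hexdigest():
            return {"error": "sensor data does not match attested report data"}
        key = KEY_REGISTRY.get(key_id)
        if key is None or not key.verify(payload, signature):
            return {"error": "signature verification failed"}
        if key_id in REVOCATION_LIST:
            return {"error": "signing key revoked"}
        remote = {vid: r for vid, r in self.reports.items() if vid != vehicle_id}
        self.reports[vehicle_id] = json.loads(payload)
        return {"ok": True, "remote": remote}  # claim 15: relay other vehicles' data


class VehicleTEE:
    """Vehicle side of claim 1: attest the server first, then send quote-bound, signed data."""
    def __init__(self, vehicle_id, key, measurement="vehicle-enclave-v1"):
        self.vehicle_id, self.key, self.measurement = vehicle_id, key, measurement

    def exchange(self, server, sensor_data, tamper=None):
        # Steps (vii)-(ix): release nothing until the server's TEE attests successfully.
        if not attestation_service_verify(server.server_quote()):
            return {"error": "coordination server attestation failed; no sensor data sent"}
        payload = json.dumps(sensor_data, sort_keys=True).encode()
        quote = make_quote(self.measurement, hashlib.sha256(payload).digest())
        signature = self.key.sign(payload)
        # `tamper` models an on-path attacker altering the payload after the TEE released it.
        sent = tamper(payload) if tamper else payload
        return server.submit(self.vehicle_id, sent, quote, self.key.key_id, signature)


def run_demo():
    """Constructed scenario: two honest vehicles, one tampered message, one revoked key,
    and one server whose TEE measurement is not on the known-good list."""
    REVOCATION_LIST.clear()
    server = CoordinationServer()
    car_a = VehicleTEE("veh-A", TEEBoundKey("epid-A"))
    car_b = VehicleTEE("veh-B", TEEBoundKey("epid-B"))
    reading_a = {"lidar_obstacle_m": 12.5, "speed_kph": 48}
    reading_b = {"lidar_obstacle_m": 3.0, "speed_kph": 20}
    results = {
        "first": car_a.exchange(server, reading_a),
        "second": car_b.exchange(server, reading_b),
        "tampered": car_a.exchange(server, reading_a,
                                   tamper=lambda p: p.replace(b"12.5", b"99.0")),
    }
    REVOCATION_LIST.add("epid-B")
    results["revoked"] = car_b.exchange(server, reading_b)
    results["rogue"] = car_a.exchange(CoordinationServer(measurement="rogue-enclave"), reading_a)
    return results
```

The tampered case is rejected at the report-data check even though the quote itself is genuine, which is why the claims have the quote "indicate an integrity of the sensor data" rather than merely attest the enclave; the revoked case passes every cryptographic check and is still refused, which is the separate revocation-status verification of claim 14.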
September 26, 2014
October 16, 2018